Klaviyo Deliverability Guide: SPF, DKIM, DMARC for 2026

Klaviyo deliverability for a Shopify brand depends on three DNS records that authenticate your domain (SPF, DKIM, DMARC), the warm-up of your sending domain, and the engagement behavior of your list. Without these three DNS records configured correctly, a Klaviyo send lands in spam or Gmail Promotions 15–35% of the time. With SPF + DKIM + DMARC properly set and a reasonably clean list, inbox placement climbs to 92–97%.

This is the technical check-up we run on every new client before touching a single flow. If inbox placement is below 85%, every optimization to copy, timing, or offer is wasted: the customer doesn't see the message. Written for Shopify DTC founders between $500k and $5M GMV.

Why deliverability is the invisible multiplier

A brand sending 100,000 emails per month with 80% inbox placement actually delivers 80,000. The same brand at 95% delivers 95,000 — +18% real audience without changing a single character of copy. On flow revenue, that 18% additional audience translates directly to 10–15% incremental revenue (the rest is lost to overlap and friction).

Three metrics to watch, in order:

1. Inbox placement rate. Target: 92–97%. Below 85% is a serious problem.
2. Spam complaint rate. Target: under 0.1%. Above 0.3% triggers automatic provider filters.
3. Bounce rate. Target: under 0.5% on a clean list. Above 2% signals a toxic list.

To measure them, Klaviyo provides an internal benchmark; for the "true" inbox placement number, tools like GlockApps or Inbox Monster are required.

1. SPF (Sender Policy Framework)

SPF is a TXT record on your domain that says: "Klaviyo has permission to send email on my behalf." Without SPF, Gmail and Outlook treat your sends as potential spoofing.

How to configure:

1. Go to your domain DNS manager (Cloudflare, Route 53, GoDaddy, Namecheap)
2. Add a TXT record on host @ (or domain root)
3. The value must include include:_spf.klaviyo.com

Example complete SPF record if you use Klaviyo + Shopify + Google Workspace:

`` v=spf1 include:_spf.google.com include:_spf.klaviyo.com include:shops.shopify.com ~all ``

Common errors:

• Having two separate SPF records. Illegal — SPF allows only one record per domain. Unify them into a single string with multiple include:.
• Using -all instead of ~all in the early phase. ~all is "softfail" (provider treats with suspicion but accepts), -all is "hardfail" (rejects). Start with ~all, move to -all only after 30+ days of clean SPF.

2. DKIM (DomainKeys Identified Mail)

DKIM is a cryptographic signature that proves: "this message was actually generated by Klaviyo with permission from your domain." Without DKIM, providers consider the domain unauthenticated.

How to configure in Klaviyo:

1. Go to Klaviyo → Account → Settings → Domains & Hosting → Dedicated Sending Domain
2. Add your domain (e.g. mail.yourbrand.com)
3. Klaviyo gives you 2 CNAME records to add to DNS. Typically k1._domainkey.yourbrand.com → klaviyo1.some-id.dkim.klaviyo-mail.com
4. Add them to the DNS manager. Propagation: 15 min – 48 hours
5. Return to Klaviyo and click "Verify". If green, DKIM is active

Common error: configuring DKIM on the root domain (e.g. yourbrand.com) instead of a dedicated subdomain (e.g. mail.yourbrand.com). A dedicated subdomain isolates send reputation from your main web domain — if the list goes to spam, the web domain doesn't suffer.

3. DMARC (Domain-based Message Authentication, Reporting & Conformance)

DMARC is the policy that tells providers: "if SPF or DKIM fail, what do you do?" Without DMARC, Gmail since February 2024 treats bulk senders as untrusted and routes them to spam aggressively. Yahoo and Microsoft now follow similar rules — DMARC is non-negotiable in 2026.

How to configure:

1. Add a TXT record on host _dmarc on your domain
2. Minimum functional value: v=DMARC1; p=none; rua=mailto:dmarc-reports@yourbrand.com
3. Policy p=none is step 1 (monitoring only). After 30 days, if reports are clean, move to p=quarantine (suspect to spam). After another 30 days, to p=reject.

Common error: skipping the p=none phase and starting directly with p=reject. If SPF or DKIM has a non-obvious problem, you're rejecting legitimate emails. The monitoring phase is essential.

Sending domain warm-up

If you switched ESP or activated a new dedicated subdomain, Gmail/Outlook don't know you. Sending 20,000 emails per day immediately puts you in spam for months. Warm-up: over 14–21 days, gradually ramp volumes.

Example 21-day warm-up for a brand with 30,000 active subscribers:

• Days 1–3: send only to Engaged 7 days segment (typically 500–1,500 people)
• Days 4–7: extend to Engaged 14 days
• Days 8–14: extend to Engaged 30 days (5,000–8,000)
• Days 15–21: extend to Engaged 90 days
• Day 22+: full volume on Engaged 90 + VIP + tactical campaigns

If during warm-up you see spam complaints >0.3% or hard bounce >2%, stop, diagnose, restart.

List hygiene — the silent work

Segments to maintain and use actively:

• Unengaged 365 days: no opens or clicks in 365 days. Suppress or sunset. They're dead weight.
• Hard bounces / invalid emails: Klaviyo suspends them automatically, but check every quarter.
• Role-based addresses: addresses like info@, sales@, admin@. High spam-mark rate. Optional to suppress them in marketing list.

Suppressing 5,000 inactives from a list of 30,000 improves inbox placement by 4–8% within 30 days. Feels painful, but increases revenue because emails reach the people who actually read them.

Quick deliverability checklist

The one we run on clients as first audit:

1. SPF configured with include:_spf.klaviyo.com: yes/no
2. DKIM verified (green in Klaviyo): yes/no
3. DMARC configured at least p=none: yes/no
4. Dedicated sending domain (e.g. mail.brand.com, not brand.com): yes/no
5. Warm-up completed (30+ days from activation): yes/no
6. "Engaged 30d" segment used as campaign baseline: yes/no
7. Unengaged 365d suppressed or on double opt-in: yes/no
8. Spam complaint rate <0.3% last month: yes/no
9. Bounce rate <2% last month: yes/no
10. Inbox placement tested (GlockApps or similar) last month: yes/no

Less than 8 yeses out of 10: deliverability has work to do.

FAQ

How long does it take to fix Klaviyo deliverability?

DNS (SPF + DKIM + DMARC): 1 day setup + 48 hours propagation. Warm-up of a new domain: 21-day schedule. Recovery of a compromised reputation (e.g. landed in Gmail spam): 30–90 days with list hygiene + warm-up + pause on bulk sends. Typical total: 45 days for a brand starting with no DNS to a clean state.

Is a dedicated sending domain mandatory?

Not mandatory, but strongly recommended above 10,000 active subscribers. Without a dedicated subdomain (e.g. mail.yourbrand.com), the reputation of your web domain and your email sending reputation are the same — if the list goes to spam, even your transactional Shopify sends (orders, confirmations) are at risk. Klaviyo recommends a dedicated sending domain in initial setup.

How do I check if my emails are landing in Gmail Promotions?

Promotions is the "intermediate" Gmail tab: not spam, not main inbox. To test it: send a campaign test to a non-engaged Gmail account of yours and check where it lands. For a wider sample, use GlockApps or Inbox Monster — they send the same email to 50–100 seed inboxes and report where it landed.

Does Klaviyo have integrated DMARC monitoring?

Yes, in the Deliverability tab of Klaviyo you find a synthetic indicator of send reputation + some DMARC signals. But for detailed DMARC report analysis you need a dedicated tool (Postmark DMARC, Valimail, Dmarcian) — often free up to N domains.

What to do if inbox placement is below 70%?

Three immediate actions, in order: (1) stop all non-essential campaigns for 7 days, (2) verify DNS (SPF, DKIM, DMARC, all green), (3) execute aggressive list hygiene (remove unengaged 180d+, bounces, role-based). After 14 days of pause + hygiene, restart with gradual warm-up only on the engaged 30d segment. Full recovery typically 45–60 days.

---

Suspect deliverability is eating your revenue? In 30 minutes we open your Klaviyo, check DNS, inbox placement, and list hygiene, and give you the 2 fixes that matter. Book a call.

Article updated April 2026 by the Subjectlime team — Klaviyo Platinum Partner + Shopify Partner.